Cyber Attacks, Threats, and Vulnerabilities
Foreign power was behind cyber attack on Czech ministry: Senate (Reuters) A foreign state staged the latest cyber attack targeting the Czech Foreign Minis...
New BlueKeep-Style Bugs Renew the Risk of a Windows Worm (WIRED) Vulnerabilities in Microsoft's Remote Desktop Protocol continue to plague the web.
Analysis | The Cybersecurity 202: Hackers just found serious vulnerabilities in a U.S. military fighter jet (Washington Post) And they did it with the Air Force's blessing.
'Screwed Drivers': Driver Vulnerabilities affect Intel, AMD (CRN Australia) Attackers can take over Windows even after OS wipes.
British Airways Has Yet Another Security Problem, New Report Says (Fortune) British Airways' check-in links are leaking sensitive information that hackers could use to access itinerary information, according to a security firm.
British Airways sending vulnerable check-in links (Wandera) Wandera’s threat research team has discovered a vulnerability affecting British Airways’ e-ticketing system that exposes passengers’ personally identifiable information (PII). Airline check-in links that are unencrypted and easily intercepted enable unauthorized third parties to view and ch
Biometrics of one million people discovered on publicly accessible database (Computing) Biostar 2 database, used for access control by police, defence contractors and banks, found online unprotected and unencrypted
Report: Data Breach in Biometric Security Platform Affecting Millions of Users (vpnMentor) Led by internet privacy researchers Noam Rotem and Ran Locar, vpnMentor’s team recently discovered a huge data breach in security platform Biostar 2. ...
Hacker site’s incriminating database published online by rival group (Ars Technica) Fortnite cracks, software exploits among the topics discussed in almost 357,000 PMs.
Facebook has been listening to users' voice messages without their knowledge (The Telegraph) Facebook has been paying hundreds of people to listen to users' private audio clips without their knowledge.
Facebook Paid Hundreds of Contractors to Transcribe Users’ Audio (Bloomberg) Social network says it paused human review of conversations. Apple, Amazon, Google have been scrutinized for similar work.
Choice Hotels data breach leaks 5.6 million customer records: report (Comparitech) Hackers apparently stole and demanded ransom for more than 5.6 million customer records belonging to major hotel franchisor Choice Hotels.
Chrome Incognito mode detection fix busted by researchers (Naked Security) Remember that Chrome update that stopped websites from detecting Incognito mode? Well, researchers claim to have found a way around it.
Varonis Uncovers New Malware Strains and a Mysterious Web Shell During A Monero Cryptojacking Investigation (Varonis) The Varonis Security Research team recently investigated an ongoing cryptomining infection that had spread to nearly every device at a midsize company. Analysis of the collected malware samples revealed a new variant, which the team dubbed “Norman,” that uses various techniques to hide and avoid discovery. We also discovered an interactive Web Shell that may be related to the mining operators.
Serious security flaws discovered in six widely used enterprise printers (Computing) Some of the security flaws date back 30-40 years - but probably didn't matter in pre-internet days.
Hacked devices can be turned into acoustic weapons (Naked Security) Security researcher Matt Wixey found that many gadgets aren’t protected from being turned into hearing-damaging weapons. Or melting.
Siemens SIMATIC PCS7, WinCC, TIA Portal (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC PCS7, WinCC Runtime Professional, WinCC (TIA Portal)
Vulnerabilities: SQL Injection, Uncaught Exception, Exposed Dangerous Method
2.
Siemens Spectrum Power (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 4.7
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Spectrum Power
Vulnerability: Cross-site Scripting
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-19-190-04 Siemens Spectrum Power that was published July 9, 2019, on the ICS webpage on us-cert.gov.
Siemens SIMATIC WinCC and PCS7 (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.2
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC WinCC and SIMATIC PCS7
Vulnerability: Unrestricted Upload of File with Dangerous Type
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory titled ICSA-19-192-02 Siemens SIMATIC WinCC and PCS7 that was published July 11, 2019, on the ICS webpage of us-cert.gov.
Siemens SCALANCE X Switches (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SCALANCE X switches
Vulnerability: Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial-of-service condition.
Delta Industrial Automation DOPSoft (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Delta Electronics
Equipment: Delta Industrial Automation DOPSoft
Vulnerabilities: Out-of-bounds read, Use after free
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, or crash of the application.
Siemens SIPROTEC 5 and DIGSI 5 (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIPROTEC 5 and DIGSI 5
Vulnerabilities: Improper Input Validation
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-19-190-05 Siemens SIPROTEC 5 and DIGSI 5 that was published July 09, 2019, on the ICS webpage on us-cert.gov.
Mitsubishi Electric smartRTU and INEA ME-RTU (CISA) 1. EXECUTIVE SUMMARY
CISA is aware of a public report of vulnerabilities with proof-of-concept (PoC) exploit code affecting Mitsubishi Electric smartRTU (Versions 2.02 and prior) and INEA ME-RTU (Versions 3.0 and prior), remote terminal unit products. According to this report, there are multiple vulnerabilities that could be exploited to gain remote code execution with root privileges. CISA has notified Mitsubishi Electric of the report and has asked them to confirm the vulnerabilities and identify mitigations.
OSIsoft PI Web API (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.5
ATTENTION: Exploitable remotely
Vendor: OSIsoft LLC
Equipment: OSIsoft PI Web API
Vulnerabilities: Inclusion of Sensitive Information in Log Files, Protection Mechanism Failure
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow direct attacks against the product and disclose sensitive information.
Hundreds of Wisconsin elections offices use expired operating systems, official says (StateScoop) The state’s election security lead said 527 local clerks access the voter database on devices with operating systems near or past their expiration dates.
Security Patches, Mitigations, and Software Updates
Microsoft Releases August 2019 Security Updates (JPCERT/CC) Microsoft has released August 2019 Security Updates. This contains updates that are rated as "Critical". Remote attackers leveraging these vulnerabilities may be able to execute arbitrary code.
Cyber Trends
‘Under the Radar’ DDoS Attacks Increase by 158 Percent in Q2, 2019 Compared to the Same Time Last Year (BusinessWire) ‘Under the radar’ DDoS attacks increase by 158 percent in Q2, 2019 compared to the same time last year, according to Neustar
Q2 2019 Cyberthreats and Trends Report (Neustar) The Q2 2019 Cyberthreats and Trends Report from Neustar provides information on the latest developments in DDoS attacks, how to mitigate them and shares what steps to take in order to defend against these threats. Download the report and stay up to date.
Building a Culture of Security: 73 articles Summarizing Black Hat USA 2019 (Bricata) If there was a common theme at the 2019 Black Hat USA conference in Las Vegas, it may well have been security culture. Black Hat 2019 can be summarized here.
Opinion | All Your Data Is Health Data (New York Times) And Big Tech has it all.
SOC-as-a-Service promises threat protection in a world of scarce resources (Help Net Security) Because many are currently offering various flavors of SOC-as-a-Service, there can be a lot of variation in terms of what they can deliver.
CIOs Strive for Balance Between Looking Inward and Outward (Wall Street Journal) Technology’s expanding reach in the corporate world means chief information officers are taking a bigger role in developing strategies and customer services, while still keeping underlying systems running smoothly.
Marketplace
Western Companies in Hong Kong Activate Contingency Plans as Turmoil Spreads (Wall Street Journal) Banks and others are considering how to respond to a variety of possible scenarios as unrest in the city becomes more widespread and unpredictable.
What government can do to keep its cyber workforce (Fifth Domain) The government needs to show cybersecurity pros their value and invest in their careers, industry said.
Big name cybersecurity vendors are trying to buy their way to the top (CyberScoop) A strong economy and higher demand for security products means big vendors will continue buying startups to keep up with emerging technology.
Computacenter buys back ITAD business from Arrow (CRN) Services giant welcomes RDC unit back into the fold
Cybersecurity Association of Maryland (CAMI) Continues Dramatic Growth (MDCyber.com) Organization promotes Conklin to Director of Operations, CEO Smith Resigns August 13th, 2019 (Baltimore, MD) – The Board of Directors of the Cybersecurity Association of Maryland Inc. (CAMI) today announced that it has reached 500 overall members and in the last thirty days the association added three new Premier Sponsors bringing the total number to …
Inside the dark web scramble to get far-right conspiracy site 8chan back online (The Independent) Bad actors have thrived on dark web because it allows website owners and visitors to obscure their location and internet address
Products, Services, and Solutions
Stronger as One: IronNet Expands the Power of Collective Defense to Organizations of All Sizes (IronNet Cybersecurity) New strategic initiative will improve cyber defense collaboration and security outcomes across organization and industry IronNet Cybersecurity, the leading provider of collective defense and network behavioral analysis for companies and industries, today announces that IronDome, the industry’s first and only collective defense platform, is now available to companies of all sizes. Understanding that the ability …
BitSight® Announces Enterprise Analytics™ to Help Security and Risk Leaders Manage Cyber Risk Across Corporate Structures (PR Newswire) BitSight, the Standard in Security Ratings®, today announced BitSight Enterprise Analytics, the latest Security...
Netwrix Teams with Mott MacDonald to Power Data-Driven Decisioning with New Data Classification Offering (PR Newswire) Netwrix, a vendor of data security, governance and content services software, today announced that it has...
Technologies, Techniques, and Standards
NIST Lays Out Roadmap for Developing Artificial Intelligence Standards (Nextgov.com) The plan is meant to help federal leaders roll out standards that reduce the potential risks of AI without stifling innovation.
NGA takes big step to enable AI, big data and more (C4ISRNET) A potentially $824 million contract will help the National Geospatial-Intelligence Agency transition from its legacy systems.
CBP to expand use of facial recognition tech (Seeking Alpha) The U.S. Customs and Border Protection agency is set to expand its use of facial recognition, deploying the controversial technology to screen people entering the country.
Design and Innovation
Lockheed Launches New Weapons Cybersecurity Strategy (Breaking Defense) Hacking a spy satellite, stealth fighter, or smart bomb is very different from hacking a computer network, so the US military needs different defenses.
This is Lockheed’s new cyber resiliency scale for weapon systems (Fifth Domain) The goal is a framework to audit the cybersecurity of defense systems old and new.
Research and Development
Pentagon could offer up its bases as 5G test beds (C4ISRNET) The Pentagon might offer its infrastructure as test areas for American 5G technology development.
Academia
Women's Society of Cyberjutsu Crowns First Wicked6™ Cyber Games Champion (Yahoo) Electrifying Event Raised Funds for Women and Girls in Cybersecurity
Forum aims to reach and teach Kiwi youth about cybersecurity (CIO New Zealand) A cyber attack is launched every 39 seconds, which can add up to 300,000 new malware samples each day. It may already be too late, but have you wondered how safe your device is? This is the key message Ytech aims to impart to Kiwi youth as it launches its first forum on cybersecurity.
CIT students earn scholarships to attend national cybersecurity conference (Gilmer Mirror) Three Kilgore College Information Technology (CIT) students were presented scholarships to attend a three-day national cybersecurity education conference in Bossier City, La.
MU designated as a National Center of Academic Excellence in Cyber Defense Research (University of Missouri News Bureau) The National Security Agency (NSA) and the Department of Homeland Security have recognized the University of Missouri as a National Center of Academic Excellence in Cyber Defense Research. The distinction is designated through June 2024.
Legislation, Policy, and Regulation
Russia after Putin: 2024 is a long way off, but the battle for the Kremlin has already begun (Times) Over the past few years Russia’s capital has undergone a transformation. Muscovites used to buy their groceries from faceless corner stores full of overheating refrigerators; today many shop at the...
Federal Ban on Chinese Telecom Equipment Takes Effect (Nextgov.com) Contracting officers will have new disclosure provisions to include in contracts issued after Aug. 13.
U.S. Retreats on Chinese Tariff Threats, Stocks Soar (Wall Street Journal) The U.S. will delay some tariffs against China on items such as cellphones, laptops and toys until Dec. 15, softening the blow of levies that were scheduled to take effect Sept. 1 on $300 billion of imports.
Litigation, Investigation, and Law Enforcement
[Letter from the Ranking Member to the Chairman] (US House Judiciary Committee) Dear Chairman Nadler: On July 24th, 2019, former Special Counsel Robert Mueller appeared before the House Judiciary Committee, compelled by subpoena, and answered questions from both Democrats and Republicans.
FTC Chief Says He’s Willing to Break Up Big Tech Companies (Bloomberg) Chairman Simons says FTC can unwind approved deals over harm. FTC is investigating Facebook acquisitions in antitrust probe.
SEC Investigating Data Leak at First American Financial Corp. (KrebsOnSecurity) The U.S. Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003, KrebsOnSecurity has learned.
Energy Department Never Blacklists Risky Nuclear Tech Vendors, GAO Says (Nextgov.com) The process is too time-consuming and narrow to be effective, according to officials at the National Nuclear Security Administration.
Another EU antitrust complaint filed against Google - this time Google's job search service (Computing) The search giant has been accused of using its market dominance to favour its job search unit.
Geeky license plate earns hacker $12,000 in parking tickets (Ars Technica) A California man's vanity license plate backfires spectacularly.
He tried to prank the DMV. Then his vanity license plate backfired big time. (Mashable) It seemed like a good idea at the time.